Good security is a combination of prevention, detection and response — robust, resilient, responsive.

Five years ago, that simple statement was novel. There were no purpose-built technologies that armed security teams with the capabilities needed to instruct, orchestrate and automate the incident response process. So there began Resilient Systems’ mission: to empower organizations to thrive in the face of cyberattacks and business crises.

We built the industry’s first Security Orchestration, Automation, and Response (SOAR) Platform. Now in version 25, it seamlessly connects with the myriad of security tools used by organizations today, creating an intelligent incident response hub. It brings together people, processes and technology with the potency and intelligence needed to fight today’s cyber battles.

Having pioneered this nascent market, today, we’re delighted to announce our intention to become part of the world’s fastest-growing enterprise security company, IBM Security. Once the acquisition is closed, the market will have leading prevention, detection and response technologies available in a single portfolio — the security trifecta.

Simply put, it helps customers transform their security posture.

We’ve found that organizations with capable response have greater cyber resilience. IBM Security General Manager Marc van Zadelhoff referred to the Ponemon Institute report we sponsored in 2015 that showed U.S. organizations were lacking response planning and preparedness while struggling for greater resilience. We recently released similar studies for the U.K. and Germany.

Like the U.S. study, these new reports show that there are clear global trends of insufficient planning, lack of collaboration and lack of focus on building capable response.

Combining our knowledge and expertise with IBM is a perfect fit culturally and technologically. We’re already integrated with IBM QRadar and IBM App Exchange in production environments, and the opportunity to deepen that integration and extend it into other IBM technologies makes for a compelling solution for our joint customers.

Our mission continues, but now at a level that we couldn’t possibly have accomplished on our own. We’re very excited for what’s in store for our employees, customers and partners.
